Add option to disable Extended Master Secret
authorTodd Short <tshort@akamai.com>
Mon, 10 Jul 2017 17:28:35 +0000 (13:28 -0400)
committerMatt Caswell <matt@openssl.org>
Fri, 15 Feb 2019 10:11:18 +0000 (10:11 +0000)
Add SSL_OP64_NO_EXTENDED_MASTER_SECRET, that can be set on either
an SSL or an SSL_CTX. When processing a ClientHello, if this flag
is set, do not indicate that the EMS TLS extension was received in
either the ssl3 object or the SSL_SESSION.  Retain most of the
sanity checks between the previous and current session during
session resumption, but weaken the check when the current SSL
object is configured to not use EMS.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3910)


No differences found